Hands up who DIDN’T exploit this years-old flaw to ransack a US govt web server…


Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency’s Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.

The snafu happened between November 2022 and early January, according to a joint alert from the FBI, CISA, and America’s Multi-State Information Sharing and Analysis Center (MS-ISAC) this week.

Read more…
Source: The Register